CVE-2019-18601

OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTEDebug RPC calls to crash a database server within the SVOTEDebug RPC handler...

CVE-2019-18601

OpenAFS (affected: OpenAFS before 1.6.24 and 1.8.x before 1.8.5) is vulnerable to denial of service via unserialized dataAccess: remote attackers can trigger VOTE_Debug RPC calls in SVOTE_Debug handler to crash the database server. Root cause: improper handling of unserialized data. Impact: avail...

CVE-2019-18601

OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTEDebug RPC calls to crash a database server within the SVOTEDebug RPC handler...

Scientific Linux Security Update : Important: OpenAFS on SL6.x, SL7.x i386/x86_64 (20191023)

"Security Fixes : - Fix OPENAFS-SA-2019-001: information leakage in failed RPC output Generated RPC handler routines ran output variables through XDR encoding even when the call had failed and would shortly be aborted and for which uninitialized output variables is common C Tenable Network...

OpenAFS CVE-2019-18602 Information Disclosure Vulnerability

Description OpenAFS is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. The following versions are affected: OpenAFS 1.0 through 1.6.23 OpenAFS 1.8.0 through 1.8.4 Technologies Affected OpenAFS...

OpenAFS CVE-2019-18603 Information Disclosure Vulnerability

Description OpenAFS is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. The following versions are affected: OpenAFS 1.0 through 1.6.23 OpenAFS 1.8.0 through 1.8.4 Technologies Affected OpenAFS...

OpenAFS CVE-2019-18601 Denial of Service Vulnerability

Description OpenAFS is prone to a denial-of-service vulnerability. A remote attacker may exploit this issue to cause a denial-of-service condition; denying service to legitimate users. OpenAFS 1.0 through 1.6.23 and 1.8.0 through 1.8.4 are vulnerable. Technologies Affected OpenAFS Openafs 1.0.0...

Updated openafs packages fix security vulnerabilities

Jeffrey Altman reported that the backup tape controller butc process does accept incoming RPCs but does not require or allow for authentication of those RPCs, allowing an unauthenticated attacker to perform volume operations with administrator credentials CVE-2018-16947. Mark Vitale reported that...

MGASA-2019-0021 Updated openafs packages fix security vulnerabilities

Jeffrey Altman reported that the backup tape controller butc process does accept incoming RPCs but does not require or allow for authentication of those RPCs, allowing an unauthenticated attacker to perform volume operations with administrator credentials CVE-2018-16947. Mark Vitale reported that...

Debian DSA-4302-1 : openafs - security update

Several vulnerabilities were discovered in openafs, an implementation of the distributed filesystem AFS. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2018-16947 Jeffrey Altman reported that the backup tape controller butc process does accept incoming...

Debian DLA-1513-1 : openafs security update

Several security vulnerabilities were discovered in OpenAFS, a distributed file system. CVE-2018-16947 The backup tape controller process accepts incoming RPCs but does not require or allow for authentication of those RPCs. Handling those RPCs results in operations being performed with...

[SECURITY] [DSA 4302-1] openafs security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4302-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 23, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4302-1] openafs security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4302-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 23, 2018 https://www.debian.org/security/faq -...

Debian: Security Advisory (DLA-1513-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DSA-4302-1 openafs - security update

Bulletin has no description...

Debian: Security Advisory (DSA-4302-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 1513-1] openafs security update

Package : openafs Version : 1.6.9-2+deb8u8 CVE ID : CVE-2018-16947 CVE-2018-16948 CVE-2018-16949 Debian Bug : 908616 Several security vulnerabilities were discovered in OpenAFS, a distributed file system. CVE-2018-16947 The backup tape controller process accepts incoming RPCs but does not require...

DLA-1513-1 openafs - security update

Bulletin has no description...

OpenAFS < 1.6.22.4, 1.8.x - 1.8.1.1 Multiple Vulnerabilities - Windows

OpenAFS is prone to multiple vulnerabilities. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

OpenAFS has an unspecified vulnerability

OpenAFS is a distributed file system that allows sharing of archives and resources between systems over LANs and WANs. A security vulnerability exists in OpenAFS versions prior to 1.6.23 and 1.8.x prior to 1.8.2, which stems from the backup tape controller process not requiring authentication for...